Your employees have gone rogue. No, they're not selling secrets to competitors or anything so nefarious, but they are using IT systems and services without the express knowledge of the company they work for. This is known as Shadow IT and it's a growing problem within enterprises propagated by the fact business leaders seem to be turning the other cheek.
Hand shadow picture from Shutterstock
Be it putting work documents in Dropbox or a developer creating an app to streamline administrative tasks, Shadow IT is happening in many organisations. I knew a guy who worked for a psychology practice who would transcribe confidential patient interviews at home using Dragon NaturallySpeaking software.
It often happens right under the noses of managers who have either buried their head in the sand or are simply oblivious to the issue. Either way, Shadow IT is often harmless and usually allows employees to work more efficiently, until something goes wrong. The reality is, these secret IT offerings are outside the control of IT departments that are charged with ensuring security and compliance of business data and systems. So if an incident does occur, such as the loss of a confidential work document that was stored in a user's personal Dropbox, there's not much an organisation can do about it.
To illustrate the nature and extent of Shadow IT in organisations, here are some facts and figures from Cisco. The data comes from Cisco's own customers:
- IT departments estimated their companies used 51 cloud services. In actual fact, there are actually an average of 730 cloud services in use. That's a lot of services the IT departments were not aware of.
- Shadow IT figures are growing at such a rapid rate that Cisco anticipates that by the end of this calendar year, there will be 20 times more hidden cloud services that will be used by employees within organisations, which equates to over 1000 external cloud services per year.
- The Shadow IT epidemic is widespread across all industries and geographies.
There's no overarching reason why managers and IT departments have allowed the Shadow IT problem to balloon. Perhaps its to avoid conflict (if you want to stop being non-confrontational, we have a guide here) or because the unauthorised applications are actually making worklife better for employees. If it's the latter, then maybe it's time to re-evaluate your organisation's procurement arrangements.
"[Procurement] processes have been around for decades and now they must be re-thought and re-designed," Ipswitch vice president of international sales, Alessandro Porro, said. His company creates IT management software.
"The needs of the staff who are operating in the shadow also need to be considered. Organisations need to focus on these needs and consider what is needed to make employees more efficient, more effective and ultimately happier whie moving out of the shadow."
Having an open dialogue with employees is important. Most workers don't want to deliberately break the rules but may feel like they have no choice because the IT provided by their companies are so inadequate. Understanding the gripes of these workers is a crucial step in remedying Shadow IT.
Completely getting rid of Shadow IT would require infrastructure and services that is flexible enough to please users and satisfy business requirements. Why not try building your own services to compete with Shadow IT?
According to VMware business solutions strategist in EMEA, Sean Harris, this is entirely possible through a private cloud model, it's just most traditional organisations lack the key skills and organisational components to do so. But if you're willing to invest in creating the organisational structure, developing in-house development skills and implementing the processes required to provide IT-as-a-service to your workers, it will be beneficial in the long-run.
"In the end, customers will always choose the services that best meet their needs and cause them the least amount of pain, be it financial or operational," Harris said in a blog post.
"Working to become your business’ preferred service provider will likely take time and resources, but in the long run, it can mean the difference between a role as a strategic partner to the business or the eventual extinction of the IT department as an antiquated cost center."